Re: [Trans] Precertificate format

"Hill, Brad" <> Mon, 08 September 2014 23:46 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id E14181A03E5 for <>; Mon, 8 Sep 2014 16:46:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -20.602
X-Spam-Status: No, score=-20.602 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 2N_LAKu-MtVq for <>; Mon, 8 Sep 2014 16:45:59 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 95EE21A038F for <>; Mon, 8 Sep 2014 16:45:59 -0700 (PDT)
DomainKey-Signature: s=paypalcorp;; c=nofws; q=dns; h=X-EBay-Corp:X-IronPort-AV:Received:Received:From:To:CC: Subject:Thread-Topic:Thread-Index:Date:Message-ID: References:In-Reply-To:Accept-Language:Content-Language: X-MS-Has-Attach:X-MS-TNEF-Correlator:x-originating-ip: Content-Type:Content-ID:Content-Transfer-Encoding: MIME-Version:X-CFilter-Loop; b=XxcMOnvGgV8fD8O32UuqmXx2n8APzGaoSbvrO5Hr2/ArRc8ye15Ju83k 3aDCaiP79U/dq2CtEHmox5C16PTJflnH/+XZXQ3pfHO5MFMGbLfD01SHb bk28+dFfFrK/U+IEdy2d45GkTe+ZB5NgsGCZGgmcDGMKcKRpM/agUdPLm I=;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;;; q=dns/txt; s=paypalcorp; t=1410219959; x=1441755959; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=JPHQTORKB2sxXdLntPcNdvRo1eNLZqy/WL9IOKDBXYM=; b=lATD1MMz/H8+xuMRZVrJplUceDkwbQp8w0NGmcRX+amd7/De1LsnrNvv udNdNbhG9rBaEdFSDLrN/6H9cqyEkVyO3NVAokan4x/CtOgF+KIdZelRx eGc/y4p4k5RwlzSHFTTWS2XfAaBEWGPYhx2uxojKJq5kqQ91ynxd3O5u1 4=;
X-EBay-Corp: Yes
X-IronPort-AV: E=Sophos;i="5.04,489,1406617200"; d="scan'208";a="66969913"
Received: from (HELO ([]) by with ESMTP; 08 Sep 2014 16:45:59 -0700
Received: from ([fe80::40c1:9cf7:d21e:46c]) by ([fe80::a487:c570:9abc:bb59%14]) with mapi id 14.03.0195.001; Mon, 8 Sep 2014 17:45:58 -0600
From: "Hill, Brad" <>
To: Stephen Kent <>
Thread-Topic: [Trans] Precertificate format
Thread-Index: AQHPy5XLYSwX2tnWQEaqKCD7yx+AWJv4EOYAgAA6mQA=
Date: Mon, 8 Sep 2014 23:45:57 +0000
Message-ID: <>
References: <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-ID: <>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mailman-Approved-At: Mon, 08 Sep 2014 17:13:38 -0700
Cc: "" <>
Subject: Re: [Trans] Precertificate format
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 08 Sep 2014 23:46:01 -0000

> I suggest that the CT designers list which data items from a cert that is being
> logged need to be in the SCT request, and why each item has to be present. Maybe that
> will show us how to avoid the concern that I and others have raised. It would also
> provide us with a starting point for the format of a new data structure for the SCT
> request, and the set of data that is input to the SCT hash computation.

The serial number needs to be part of the logged proof because that is the key on which existing revocation mechanisms operate.  Transparently identifying that a certificate has been issued incorrectly is of little utility unless that certificate can be revoked.

The alternatives are revoking the issuing CA on any leaf mis-issuance or inventing alternate revocation mechanisms. 

The latter may be less of an obstacle than it appears since the major implementers of CT are also in the process of inventing and deploying their own (currently) proprietary revocation systems alongside CT.

Nevertheless, one would need something stable to uniquely identify the certificate for these purposes, which ends up looking a lot like a serial number however you slice it.  (You can't use a cryptograhpic hash of the final cert for this, either, because that would require a preimage in the log.)

-Brad Hill